Major Windows Hole - Patch Now
Posted by Erik Larkin | Friday, August 11, 2006 3:04 PM PT
Make sure you've got this patch: Microsoft issued on Tuesday a fix for a major vulnerability in its server service, used for file and print sharing. Since then, security companies and even the Department of Homeland Security have been raising alarms about the risk of a widespread worm attack. My colleague Robert McMillan at the IDG News Service wrote about it yesterday and today.
According to Microsoft's bulletin, the hole makes Windows XP (including SP2), Windows 2000 and Windows 2003 vulnerable to a remote attack that can take over your computer. The server service is on by default, so most every unpatched Windows PC is potentially vulnerable.
This one raises the worm fears because a piece of malicious software using the exploit could spread itself from PC to PC. You don't need to browse a poisoned Web site or open a corrupted e-mail attachment to get hit.
To protect yourself, get the patch from Microsoft directly or use Windows Update. Also, use a hardware or software firewall to block the bad guys' attempts to remotely connect to your PC. Most every firewall blocks all incoming connections unless you specifically allow some through, but check to make sure, or at least confirm that TCP ports 139 and 445 are blocked.
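One way to do that check, as an added example that is not part of the original post: run this Python script from a second machine on your own network, giving it your PC's address, and it reports whether TCP 139 and 445 accept connections. The function names and the open/closed/filtered labels are this example's own.

```python
import errno
import socket
import sys

# Ports named in the post: NetBIOS session service (139) and SMB over TCP (445).
SERVER_SERVICE_PORTS = (139, 445)


def probe_port(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"      # host answered with a reset: nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"    # no answer: a firewall is dropping the packets
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def check_host(host, ports=SERVER_SERVICE_PORTS, timeout=2.0):
    """Probe each port and return a {port: state} mapping."""
    return {port: probe_port(host, port, timeout) for port in ports}


def exposed(results):
    """Return the ports that accepted a connection, in ascending order."""
    return sorted(port for port, state in results.items() if state == "open")


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_ports.py <address-of-your-own-PC>")
    results = check_host(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"TCP {port}: {state}")
    # Exit non-zero when either port is reachable, so the check can be scripted.
    sys.exit(1 if exposed(results) else 0)
```

A result of "filtered" or "closed" on both ports means the firewall or the host is refusing the connection; "open" means the file-sharing ports are reachable from where the script ran.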
Update: As Bob McMillan notes in his story today, attack code that hits this flaw is currently available as part of Metasploit, a popular tool for exploit research and penetration testing. HD Moore, head of the Metasploit project and well-known hacker, wrote that the Metasploit attack code doesn't affect Windows XP Service Pack 2 or Windows 2003 Service Pack 1.
Microsoft does say in its security bulletin that both of those OSes are vulnerable, though, so be sure to patch no matter your OS.